Investment Adviser Expectations in 2024: The SEC's 2023 enforcement actions foretell what's in store for RIAs

Like many other industries, Registered Investment Advisers ("RIAs") have dealt with significant regulatory, technological, and systemic change in recent years. Compared to FINRA-regulated entities, RIAs often face these changes with less frequent or significant touchpoints from their primary regulator, the Securities and Exchange Commission (SEC). The SEC's method of regulating RIAs is typically principle-based rather than prescriptive-based, which the industry generally favors, but this approach certainly has its own pitfalls.

One of the biggest concerns faced by the industry is that due to this principle-based approach, RIAs are forced to interpret the rules themselves (with the help of trusted counsel) without specific guidance from the SEC. Under this approach, the SEC staff generally resorts to providing specific guidance to the industry through enforcement actions. Such "regulation by enforcement" is a widely criticized practice and presents a myriad of problems that have been discussed elsewhere, but one of the main concerns RIA clients face with regulation by enforcement is that they do not know they are out of compliance until an enforcement action is brought against them or a competitor.

We seek to avoid that by equipping our clients with the most up-to-date information we have from the SEC. As we look back on 2023 (and beyond) we can see areas of focus and trends that the SEC has made through their enforcement actions, to better inform RIAs on how they should be complying with the rules.

The SEC filed 784 total enforcement actions in 2023, a 3% increase over 2022,[1] including 139 actions directly against RIAs. This statistic is particularly notable because the SEC typically only examines 15% of the RIA population of approximately 15,000.[2] Taking into account that enforcement actions are often premised on findings in examinations, it is apparent that SEC staff is finding cause for bringing enforcement actions in many of their relatively small universe of examinations.

We have outlined some topics the SEC focused on in 2023 that we expect to be a continued focus in 2024.

The Marketing Rule

The "new" Marketing Rule, Section 206(4)(1) under the Investment Advisers Act of 1940 (the "Marketing Rule"), is not so new anymore as one year has passed since the mandated compliance date. The SEC will likely put an increased emphasis on compliance with the rule. In 2023, as a result of an initiative investigating noncompliance with the Marketing Rule, the SEC charged nine investment advisers with noncompliance. The SEC's order found that each of the charged firms advertised hypothetical performance to mass audiences on their websites without having the required policies and procedures "designed to ensure that the hypothetical performance is relevant to the likely financial situation and investment objectives of the intended audience of the advertisement." Each of the firms settled the charges, paying combined civil penalties of $850,000 with the largest being a penalty of $175,000. In addition, fintech investment adviser Titan Global Capital Management USA LLC agreed to pay more than $1 million in a combined civil penalty, disgorgement, and prejudgment interest to settle charges that it violated the Marketing Rule.[3] According to the SEC's order, Titan made misleading statements on its website regarding hypothetical performance and violated the Marketing Rule by advertising hypothetical performance metrics without having adopted and implemented the required policies and procedures.

The SEC's 2024 Examination Priorities also highlight the Marketing Rule as an area of focus for 2024. In particular, SEC staff is examining whether RIAs have: (1) adopted and implemented reasonably designed written policies and procedures to prevent violations of the Advisers Act and the rules thereunder including reforms to the Marketing Rule; (2) appropriately disclosed their marketing-related information on Form ADV; and (3) maintained substantiation of their processes and other required books and records.[4] SEC staff will also be looking into assessing whether any disseminated advertisements include any untrue statements of a material fact, are materially misleading, or are otherwise deceptive and, as applicable, comply with the requirements for performance (including hypothetical and predecessor performance), third-party ratings, and testimonials and endorsements.[5]

We recommend RIAs pay close attention to their marketing practices and in particular their marketing disclosures and policies and procedures. We expect the SEC to focus on the use of hypothetical performance in marketing materials and advertising disclosures in the coming years, so RIAs should be reviewing their practices and policies in this area.

Cryptocurrency

The SEC has become more involved in the cryptocurrency discourse over the past few years. On September 27, 2023, SEC Chair Gary Gensler testified before the House Financial Services Committee and provided comments on the regulation of cryptocurrencies and digital assets. In relevant part, Chair Gensler stated, "Congress could have said in 1933 or in 1934 that the securities laws applied only to stocks and bonds. Yet Congress included a long list of 30-plus items in the definition of a security, including the term 'investment contract.' As I've previously said, without prejudging any one token, the vast majority of crypto tokens likely meet the investment contract test."[6]

In 2023, the SEC recommended enforcement actions addressing a range of alleged misconduct in the crypto asset securities space, including billion-dollar crypto fraud schemes, unregistered crypto asset offerings, platforms, and intermediaries, and illegal celebrity touting. Notably, the Division's investigations resulted in litigated charges alleging massive crypto fraud. The SECinvestigations led to charges against numerous firms for allegedly offering unregistered securities through crypto asset lending and/or staking programs. The SEC also brought a series of enforcement actions in 2023 addressing the alleged rampant noncompliance in the crypto asset intermediary space.

The 2024 Examination Priorities also noted the SEC staff will continue to observe the proliferation of crypto assets and will focus on RIAs who offering new products and services or are engaging in the cryptocurrency industry.[7] With increased attention and significant enforcement action from the SEC against those in the crypto industry, it is essential for RIAs to understand the risks posed by engaging in the crypto industry in any capacity. The SEC has been clear that if a digital asset meets the definition of security, it will be regulated in the same manner as all other securities, so they must therefore comply with SEC rules.

Recently, the SEC approved a series of Spot Bitcoin ETFs. In a statement following the approval of the Spot Bitcoin ETFs, Chair Gensler commented that "existing rules and standards of conduct will apply to the purchase and sale of approved ETPs. This includes, for example, Regulation Best Interest when broker-dealers recommend ETPs to retail investors, as well as a fiduciary duty under the Investment Advisers Act for investment advisers."[8] Chair Gensler also made it clear the approval of the ETFs does not mean the SEC approves or endorses crypto trading platforms, intermediaries or Bitcoin itself. Because the regulation of cryptocurrencies is still very much an open question in 2024, we recommend all RIAs consult outside counsel before engaging in activities, including offering or advising on products related to cryptocurrencies.

Cybersecurity

Cybersecurity has become a major issue across the financial services industry, and the SEC has continued to place an emphasis on cybersecurity for RIAs.The SEC originally proposed a rule for cybersecurity risk management for RIAs and funds in February 2022 (we discussed this proposed rule here). If that rule is adopted, RIAs and other similar entities would be required to implement comprehensive cybersecurity policies and procedures, conduct and document risk assessments, implement access controls, monitor and remediate vulnerabilities, and detect, respond to, and report cybersecurity incidents.

As it currently stands, SEC staff called out cybersecurity in their examination priorities report, highlighting that examinations will focus on RIAs' (and other registrants') policies and procedures, internal controls, oversight of third-party vendors (where applicable), governance practices, and responses to cyber-related incidents, including those related to ransomware attacks.[9] Their review will consider whether registrants adequately train staff regarding the registrants' identity theft prevention program and policies and procedures designed to protect customer records and information.

In 2023, the SEC settled charges against software company Blackbaud Inc. for making misleading disclosures about a 2020 ransomware attack that impacted more than 13,000 customers. Blackbaud agreed to pay a $3 million civil penalty to settle the charges.[10] For more coverage on this action, see DWT's article on it, available here. We expect cybersecurity to be an area of focus for the SEC in the short and long term. We recommend RIAs conduct frequent reviews of their cybersecurity policies and procedures to test their cybersecurity resiliency to protect themselves against cyber-attacks and regulatory actions.

Disclosures and Conflicts of Interest

SEC regulation is inherently disclosure-based, and RIAs are always required to disclose their conflicts of interest. The SEC will always place an emphasis on RIA disclosures because it is the primary means for RIAs to communicate the essential information about their business to clients, prospective clients, and the SEC. In the SEC's Examination Priorities, the SEC naturally highlighted that they would be looking to examine all RIA disclosures to review the accuracy and completeness of regulatory filings, including Form CRS, with a particular focus on inadequate or misleading disclosures and registration eligibility.[11]

In 2023, the SEC charged investment adviser AssetMark Inc. related to undisclosed conflicts of interest involving a cash sweep program operated by its affiliated custodian and its receipt of millions of dollars in revenue-sharing payments from third-party custodians. The parties settled and agreed to pay a civil penalty of $9.5 million and disgorgement and prejudgment interest of more than $8.5 million to settle the charges.[12]

The SEC also brought an enforcement action against investment adviser ETF Managers Group LLC and its CEO for misleading the trustees of a fund they managed to obtain $20 million in rescue financing to avoid a possible bankruptcy. To settle the charges, the firm and its parent company were ordered to pay a $4 million civil penalty, and the CEO agreed to pay a $400,000 civil penalty personally and was barred from association with or employment by an investment adviser, among other remedial measures.[13]

As we enter the first quarter of 2024, we recommend reviewing all firm disclosures to confirm they appropriately match the business and ensuring that the firm is following its policies and procedures prior to its annual ADV filing. To ensure that they are following through with their disclosures and policies and procedures, we also recommend RIAs conduct regular risk assessments of their business.

Private Funds

On August 23, 2023, the SEC finalized the new Private Fund Adviser Rules, which consist of five sets of regulations and prohibitions referred to as the Restricted Activities Rule, Preferential Treatment Rule, Quarterly Statement Rule, Audit Rule, and Adviser-Led Secondary Rule.[14] The rules have rolling compliance dates depending on the regulation and the amount of assets under management of the private fund adviser, with the first compliance date being September 14, 2024.

The rules were designed to enhance the regulation of the private fund adviser industry and protect private fund investors by increasing transparency, competition, and efficiency in the private funds market. Among other requirements, the rules require private fund advisers to provide investors with quarterly statements, annual financial statement audits of each private fund it advises, and prohibit all private fund advisers from providing investors with preferential treatment if it would have a material negative effect on other investors.[15]

SEC staff highlighted an enhanced review of private fund advisers in their 2024 examination report. Specifically, examiners will look at risk management, contractual compliance, accurate fee charging practices, due diligence practices, side-by-side management, custody, and compliance with Form PF.[16]

With the finalization of the Private Fund Adviser Rules and the focus in exams this year, we expect the SEC to place a renewed emphasis on private fund adviser compliance. We recommend all private fund advisers review their policies and procedures in conjunction with the new rules to ensure they will be compliant when the compliance dates arrive.

Conclusion

RIAs have been grappling with significant technological and regulatory changes over the past few years, neither of which appear to be slowing down. The SEC communicates their regulatory agenda for RIAs through their Rulemakings, Examination Priorities, and Enforcement Actions. We can glean insight on where the SEC may be focusing year over year, but ultimately it is the responsibility of the RIAs to find a way to be compliant with SEC rules. As we often tell clients, its not a question of "if" the SEC will examine your business, but rather a question of "when" they will and whether you will be prepared for the exam. SOURCE

Advisor Armor